A local user can exploit the administration console interface in Mailtraq to escalate privileges. By double-clicking on the Mailtraq icon in the Taskbar, right-clicking in the right text pane, choosing View Source, and then opening cmd.exe, the user can launch a command prompt with SYSTEM privileges.
A remote SQL injection vulnerability affects Invision Power Board. This issue is due to a failure of the application to properly validate user-supplied input prior to using it in an SQL query. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
A vulnerability exists in the phpBB Cash_Mod module that allows an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. Remote attackers could exploit this issue via a vulnerable variable to include a remote malicious PHP script, which will be executed in the context of the web server hosting the vulnerable software.
Cscope creates temporary files in an insecure way, allowing attackers to create malicious symbolic links and overwrite arbitrary files with the privileges of an unsuspecting user.
Cscope creates temporary files in an insecure way, allowing attackers to create malicious symbolic links that Cscope will write to when executed by an unsuspecting user. This can lead to arbitrary file overwriting.
The Event Calendar software is prone to multiple input validation vulnerabilities, including HTML injection and cross-site scripting. These vulnerabilities can be exploited to execute attacker-supplied HTML and script content in the browser of a victim user and to extract sensitive information from the database.
This module exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. This module has been tested successfully with the HSC Remote Deployer ActiveX installed with Honeywell EBI R410.1.
The vulnerability allows remote attackers to inject local app webserver folders via the POST method in order to request unauthorized local webserver files.
PowerPortal is vulnerable to remote SQL injection due to a failure in validating user-supplied input before including it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted request to the affected application.
The NetNote server is prone to a remote denial of service vulnerability. This vulnerability occurs because the application does not handle exceptional conditions properly. By sending a specially crafted payload to the server, an attacker can cause the server to crash, resulting in a denial of service.